Super Contributor II

PPTN confiogured now what?

O.k. I've just configured a 2930F pair of switches as a stack ... and then PPTN on a sete of ports talking to a mobility controler running


xb-as-2930-1# show tunneled-node-server

Tunneled Node Server Information

State : Enabled
Primary Controller :
Backup Controller :
Keepalive Interval (seconds) : 8
Mode : Port-based


b-as-2930-1# show tunneled-node-server statistics

Tunneled Node Statistics

Port : 1/1
Port : 1/2
Port : 1/3
Port : 1/4
Port : 1/5
Port : 1/6
Port : 1/7
Port : 1/8
Port : 1/9
Port : 1/10
Port : 2/1

Control Plane Statistics

Bootstrap packets sent : 21
Bootstrap packets received : 21
Bootstrap packets invalid : 0

Tunnel Statistics

Rx Packets : 3
Tx Packets : 3
Rx 5 Minute Weighted Average Rate (Pkts/sec) : 0
Tx 5 Minute Weighted Average Rate (Pkts/sec) : 0

Port : 2/2
Port : 2/3
Port : 2/4
Port : 2/5
Port : 2/6
Port : 2/7
Port : 2/8
Port : 2/9
Port : 2/10

Aggregate Statistics

Heartbeat packets sent : 156
Heartbeat packets received : 156
Heartbeat packets invalid : 0
Fragmented Packets Dropped (Rx) : 0
Packets to Non-Existent Tunnel : 0
MTU Violation Drop : 0



looking at the switch port with a device connected to it

xb-as-2930-1(eth-2/1)# sh mac-address 2/1

Status and Counters - Port Address Table - 2/1

MAC Address VLANs
----------------- ------------
4409b8-1ee4bb 4094

Where 4409.... is a Chromecast 4K device wired interface.


on the mobility controller

(arubadev2) #show tunneled-node state

Tunneled Node State
IP MAC port state vlan tunnel inactive-time
-- --- ---- ----- ---- ------ ------------- ec:eb:b8:2e:8d:cb 2/1 complete 4094 102 1



So now what ? Should I have expected to see the chromecast mac address on the mobiliy controller?  ... something appears in clearpass ?


Didn;t configure the example roles as I've got ones defined on the controller.




Super Contributor II

Re: PPTN confiogured now what?

o.k. helps if you configure the wired AAA  authentication component. Can n ow see the device mac address appearing in clearpass. Its sending an access-request back with the wrong stuff in it, but at lest its breathing!


Super Contributor II

Re: PPTN configured now what?

Next question, if the device is on  a switch connected to a vlan defined as part of a per port tunneled node which also exists on the mobility controller but doesn't have an L3 interface, am i correct in thinking that the clearpass access-accept packet just needs to send back a local vlan value that is L3 routed on the mobility controller and the device at the other end will get an Ip address assigned from that VLAN ?
Ah! from the  document

With tunneled-node, the client device’s VLAN is assigned and enforced by the controller. In a tunneled-node only deployment, no client device access networks need to be configured at the edge switch layer.

So all I do need to do is assign device to correct vlan on controller

Intention here is to have a wired airgroup device connected to the switch visible by wifi airgroup devices connected via the same contoller
Super Contributor II

Re: PPTN configured now what?

o.k. so with a bit of clearpass "tweaking" I now have a chromecast video device connected to a wired port on a 2930F that is sitting in the same vlan group as another wifi based  chromcast device ... can't see it yet on my iphone ... but major step in right direction

Search Airheads
Showing results for 
Search instead for 
Did you mean: